[KAFKA-69] Obscure username/password in logs Created: 24/Sep/19  Updated: 28/Oct/23  Resolved: 22/Oct/19

Status: Closed
Project: Kafka Connector
Component/s: None
Affects Version/s: None
Fix Version/s: 0.3

Type: Bug Priority: Major - P3
Reporter: Seth Payne Assignee: Ross Lawley
Resolution: Fixed Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Case:

 Description   

At present, username and password details are cleartext in logs.

We need to obscure/anonymize this information



 Comments   
Comment by Githook User [ 22/Oct/19 ]

Author:

{'name': 'Ross Lawley', 'username': 'rozza', 'email': 'ross.lawley@gmail.com'}

Message: Ensure configuration does not log

KAFKA-69
Branch: master
https://github.com/mongodb/mongo-kafka/commit/e659a2ec21d004b833daa669c3c53c369be999be

Comment by Ross Lawley [ 09/Oct/19 ]

Kafka's AbstractConfig is logging all the configuration properties. This logging can be disabled easily, but outputting the configuration would help debugging. Custom logging would be required to handle the connection string and not leak the username / password.

Generated at Thu Feb 08 09:05:30 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.